IBM Security Secret Server
by IBM
CVEs (14)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2021-20569 | 0.00 | — | 0.00 | Sep 14, 2021 | IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243. |
| CVE-2020-4843 | 0.00 | — | 0.00 | Dec 21, 2020 | IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. IBM X-Force ID: 190048. |
| CVE-2020-4840 | 0.00 | — | 0.00 | Dec 21, 2020 | IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a… |
| CVE-2020-4324 | 0.00 | — | 0.00 | Sep 23, 2020 | IBM Security Secret Server prior to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. IBM X-Force ID: 177515. |
| CVE-2020-4342 | 0.00 | — | 0.00 | Jun 24, 2020 | IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. IBM X-Force ID: 178182. |
| CVE-2020-4341 | 0.00 | — | 0.00 | Jun 24, 2020 | IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178181. |
| CVE-2020-4327 | 0.00 | — | 0.00 | Jun 24, 2020 | IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 177599. |
| CVE-2020-4322 | 0.00 | — | 0.00 | Jun 24, 2020 | IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further… |
| CVE-2019-4639 | 0.00 | — | 0.00 | Jan 28, 2020 | IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 170045. |
| CVE-2019-4636 | 0.00 | — | 0.00 | Jan 28, 2020 | IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force ID: 170013. |
| CVE-2019-4635 | 0.00 | — | 0.01 | Jan 28, 2020 | IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to improper input neutralization of special elements. IBM X-Force ID: 170011. |
| CVE-2019-4633 | 0.00 | — | 0.00 | Jan 28, 2020 | IBM Security Secret Server 10.7 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 170007. |
| CVE-2019-4632 | 0.00 | — | 0.00 | Jan 28, 2020 | IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force… |
| CVE-2019-4631 | 0.00 | — | 0.00 | Jan 28, 2020 | IBM Security Secret Server 10.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a… |